MDKSA-2004:165: koffice Vulnerability Scan

Vulnerability Scan SummaryCheck for the version of the koffice package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2004:165 (koffice).

Chris Evans discovered numerous vulnerabilities in the xpdf package, which also
effect software using embedded xpdf code, such as koffice (CVE-2004-0888).

Multiple integer overflow issues affecting xpdf-2.0 and xpdf-3.0. Also programs
like koffice which have embedded versions of xpdf. These can result in writing
an arbitrary byte to a possible hacker controlled location which probably could lead
to arbitrary code execution.

iDefense also reported a buffer overflow vulnerability, which affects versions
of xpdf <= xpdf-3.0 and several programs, like koffice, which use embedded xpdf
code. A possible hacker could construct a malicious payload file which could enable
arbitrary code execution on the target system (CVE-2004-1125).

The updated packages are patched to protect against these vulnerabilities.